Here at School Products your privacy is our priority, especially as we deal with the personal data of children.
The formal bits:
Company: Bonacia Ltd
Brand: School Products
Company Number: 05368980
Data Protection Officer: We engage an external team to look after and advise us on our Data Compliance, they are Xynics Data Solutions Ltd and can be contacted at firstname.lastname@example.org, on 0330 3800628, or by writing to them via our address below;
Address: Remus house, Coltsfoot Drive, Woodston, Peterborough, PE2 9BF
Data Protection registration number: ZA230462
We’ve tried to make how we process your data as simple as possible to understand. Use the handy table below to check out when, what, why and how we process your personal data, but first;
School Products will not share or transfer your data to any third parties, however to manage our emails, we may save your email address and name on a system called Ontraport (who are subscribed to the EU-US Privacy Shield framework which ensures they follow EU laws in their processing and security) and we will send any orders through Royal Mail or Parcel Force who have their own comprehensive GDPR policies.
|When…||What?||Why?||How and how long? (Lawful basis and retention)|
|You place an order with us||Name, email address, contact number, school name and school address||So we can send you your order||
|We send you a proof via email or post||Name, email address, contact number, school name and school address and also the names and photographs of children you add to these products||So we can send you your proof||Contractual
We’ll keep this data for 2 years and hopefully you will request another sample the next academic year
|You create a Personalised product with us. This could be online, by email or using a USB||Name, email address, contact number, school name and school address and also the names and photographs of children you add to these products||To help you create the most amazing personalised product||Contractual
We will keep this information for 2 years. If you supply this by USB we will transfer the information on to our secure servers and delete it from the USB as soon as we receive it
|When you sign up to our newsletter||Your name and email address||To send you’re your monthly newsletter||Consent-based
We will keep this info for 12 months. We will then ask you if you would like to resubscribe for a further 12 months
|When you contact us via email, live chat or contact us form||Your name and email address||To respond to your enquiry||Legitimate Interest (if you are sending us an email it is in our interests as a business to respond to your query)
We only keep this information for 3 months and then it is deleted
|You win a social media giveaway||Your name and address||To send you your prize||Contractual
We only keep this info for 1 month, we may for some reason need to resend the item out
When we take payments from you online or by post;
International Data Transfers
Bonacia Ltd utilise the Amazon Cloud services to store and process data. Amazon.com Inc. subscribe to something called the EU-US Privacy Shield Framework, which means they have committed to processing information in accordance with EU law, and thus abide by the GDPR. You can view their current registration on this scheme here.
Don’t worry, your information is safe, our services are in a private cloud and are encrypted, so nobody but us (not even Amazon themselves) can access or view the information we store.
Your rights over your information
By law, you can ask us to:
- provide you with a copy of or access to all information we hold about you,
- correct it if it is inaccurate
- Erase it.
You can also ask us to stop using your information, in part or in full – the simplest way to do this is to withdraw your consent, which you can do at any time, either by clicking the unsubscribe link at the end of any of our emails, or by emailing, writing or telephoning us using the contact details above.
If our lawful reason for processing your information is not consent and you would like us to stop using it you can submit a request by email, post or telephone. Please use the contact information provided above.
You can also ask us to give you a copy of the information and to stop using your information for a period of time if you believe we are not doing so lawfully.
Your right to complain
If you have a complaint about our use of your information, you can contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:
Information Commissioner’s Office
For those of you who would like more information on how we look after and protect your data please see the FAQs below.
How/where is my data stored?
All personal data is held within Bonacia’s secure network which uses ‘per user’ based access control, or on our secure Amazon server (as detailed in the above International Data Transfer Section).
Each brand within Bonacia has its own dedicated folder structure, which ensures that only those Bonacia employees that need to see any personal information can.
Do you use the illusive ‘Cloud’ to store data or backups, if so how do you keep it safe?
We use Netgear for this, they are a very reputable company and know what they are doing. All data is encrypted using 128 bit SSL secure connection for transmission and 256 bit AES encryption for the physical data.
All data also hides behind firewalls and are password protected.
Are your premises secure?
Of course! We have a motion sensor alarm system, window locks and films, a strict visitor policy, CCTV and a clean desk policy to make sure your data is safe. We also have access control so only employees can get in.
Are your staff responsible and reliable, and will they look after my data?
Firstly we only employ responsible people; we get full references and all members of staff have completed a DBS check so we know who we’re working with.
We also train our staff in data protection and have policies and procedures in place to make sure your personal data stays safe.
How is paper with personal data on safely and securely disposed of?
We have secure shredding bins in the office, these are locked and secure at all times. They are picked up monthly and shredded off site. Don’t panic though the vans are well protected with CCTV and we get a pick up note and confirmation when all our waste has been securely destroyed.
So there you have an overview of how we protect your data. You can now relax and know your data is in safe hands. If you would like any further information on how we look after your data please contact us and we’ll be more than happy to help.